# Zero-Knowledge Proofs from Secure Multiparty Computation

## Abstract

A *zero-knowledge proof* allows a prover to convince a verifier of an assertion without revealing any further information beyond the fact that the assertion is true. *Secure multiparty computation* allows *n* mutually suspicious players to jointly compute a function of their local inputs without revealing to any *t* corrupted players additional information beyond the output of the function. We present a new general connection between these two fundamental notions. Specifically, we present a general construction of a zero-knowledge proof for an NP relation $R(x,w)$, which makes only a *black-box* use of any secure protocol for a related *multiparty* functionality *f*. The latter protocol is required only to be secure against a small number of "honest but curious" players. We also present a variant of the basic construction that can leverage security against a large number of *malicious* players to obtain better efficiency. As an application, one can translate previous results on the efficiency of secure multiparty computation to the domain of zero-knowledge, improving over previous constructions of efficient zero-knowledge proofs. In particular, if verifying *R* on a witness of length *m* can be done by a circuit *C* of size *s*, and assuming that one-way functions exist, we get the following types of zero-knowledge proof protocols:

(1) *Approaching the witness length*. If *C* has constant depth over $\wedge,\vee,\oplus,\neg$ gates of unbounded fan-in, we get a zero-knowledge proof protocol with communication complexity $m\cdot\mathrm{poly}(k)\cdot\mathrm{polylog}(s)$, where *k* is a security parameter.

(2) *"Constant-rate" zero-knowledge*. For an *arbitrary* circuit *C* of size *s* and a bounded fan-in, we get a zero-knowledge protocol with communication complexity $O(s)+\mathrm{poly}(k,\log s)$. Thus, for large circuits, the ratio between the communication complexity and the circuit size approaches a constant. This improves over the $O(ks)$ complexity of the best previous protocols.
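As an added illustration (not code from the paper), here is a toy instance of the "MPC-in-the-head" construction the abstract describes: the prover runs a 3-player XOR-sharing protocol for $f(x, w_1, w_2, w_3) = R(x, w_1 \oplus w_2 \oplus w_3)$ in its head, commits to each player's view, and the verifier asks to open two of the three views. The 3-player AND-gate rule, the salted SHA-256 commitment, the constructed circuit $C(w) = (w_0 \wedge w_1) \oplus w_2$ and all function names are assumptions of this example, not the paper's.

```python
import hashlib, secrets

# Constructed toy circuit over GF(2): wires 0..2 hold the witness bits, gate k
# appends wire 3+k.  C(w) = (w0 AND w1) XOR w2 and R(x, w) holds iff C(w) == x.
CIRCUIT = [("and", 0, 1), ("xor", 3, 2)]
N_IN, N_PLAYERS = 3, 3

def gate(op, xa, xb, na, nb, ri, rn):
    """Player i's share of a gate output.  XOR is local; AND also uses the
    neighbour's (player i+1's) input shares and one random bit from each side."""
    if op == "xor":
        return xa ^ xb
    return (xa & xb) ^ (na & xb) ^ (xa & nb) ^ ri ^ rn

def commit(view):
    """Toy hash commitment: SHA-256 over a random salt and the view's encoding."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.sha256(salt + repr(view).encode()).digest()

def prover_commit(w):
    """Run the 3-player protocol 'in the head' and commit to every player's view."""
    n_and = sum(op == "and" for op, _, _ in CIRCUIT)
    shares = [[secrets.randbits(1) for _ in range(N_IN)] for _ in range(N_PLAYERS)]
    for j in range(N_IN):  # last share fixed so the three XOR to the witness bit
        shares[2][j] = w[j] ^ shares[0][j] ^ shares[1][j]
    rand = [[secrets.randbits(1) for _ in range(n_and)] for _ in range(N_PLAYERS)]
    wires, k = [list(s) for s in shares], 0
    for op, a, b in CIRCUIT:
        for i in range(N_PLAYERS):
            n = (i + 1) % N_PLAYERS
            rk = (rand[i][k], rand[n][k]) if op == "and" else (0, 0)
            wires[i].append(gate(op, wires[i][a], wires[i][b], wires[n][a], wires[n][b], *rk))
        k += op == "and"
    views = [(shares[i], rand[i], wires[i]) for i in range(N_PLAYERS)]
    coms = [commit(v) for v in views]
    outputs = [v[2][-1] for v in views]  # output shares go to the verifier in the clear
    return {"views": views, "salts": [s for s, _ in coms]}, [c for _, c in coms], outputs

def prover_open(state, e):
    """Answer challenge e in {0,1,2} by revealing the views of players e and e+1."""
    n = (e + 1) % N_PLAYERS
    return (state["views"][e], state["salts"][e]), (state["views"][n], state["salts"][n])

def verify(x, commitments, outputs, e, opening):
    """Check the opened views against their commitments, recompute player e's wires
    from the revealed data, and check that the output shares reconstruct x."""
    n = (e + 1) % N_PLAYERS
    (view_e, salt_e), (view_n, salt_n) = opening
    for idx, view, salt in ((e, view_e, salt_e), (n, view_n, salt_n)):
        if hashlib.sha256(salt + repr(view).encode()).digest() != commitments[idx]:
            return False
    (s_e, r_e, w_e), (s_n, r_n, w_n) = view_e, view_n
    wires, k = list(s_e), 0
    for op, a, b in CIRCUIT:
        rk = (r_e[k], r_n[k]) if op == "and" else (0, 0)
        wires.append(gate(op, wires[a], wires[b], w_n[a], w_n[b], *rk))
        k += op == "and"
    ok = wires == w_e and w_n[:N_IN] == s_n and (w_e[-1], w_n[-1]) == (outputs[e], outputs[n])
    return ok and outputs[0] ^ outputs[1] ^ outputs[2] == x
```

Two opened views reveal only two of the three shares of each witness bit, so the verifier learns nothing beyond $C(w)=x$ (this is the "security against $t=2$ honest-but-curious players" the construction relies on); a prover without a valid witness must leave some adjacent pair of views inconsistent, which a uniformly random challenge catches with probability at least 1/3, so the round is repeated to drive the soundness error down.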




#### History

**Submitted**: 14 February 2008

**Accepted**: 2 December 2008

**Published online**: 2 September 2009
